Add tel, sip, bitcoin, ethereum and rtsp URIs to the whitelist for links (7ae0c34b) · Commits · e / os / Mail

k9mail/src/main/java/com/fsck/k9/message/html/HtmlSanitizer.java

+2 −1

Original line number	Diff line number	Diff line
		@@ -25,7 +25,8 @@ public class HtmlSanitizer {
		"align", "bgcolor", "colspan", "headers", "height", "nowrap", "rowspan", "scope", "valign",
		"width")
		.addAttributes(":all", "class", "style", "id")
		.addProtocols("img", "src", "http", "https", "cid", "data");
		.addProtocols("img", "src", "http", "https", "cid", "data")
		.addProtocols("a", "href", "tel", "sip", "bitcoin", "ethereum", "rtsp");

		cleaner = new Cleaner(whitelist);
		headCleaner = new HeadCleaner();

+21 −0

Original line number	Diff line number	Diff line
		@@ -213,4 +213,25 @@ public class HtmlSanitizerTest {
		"<center><font face=\"Arial\" color=\"red\" size=\"12\">A</font></center>" +
		"</body></html>", toCompactString(result));
		}

		@Test
		public void shouldKeepUris() {
		String html = "<html><body>" +
		"<a href=\"tel:00442079460111\">Telephone</a>" +
		"<a href=\"sip:user@example.com\">SIP</a>" +
		"<a href=\"bitcoin:12A1MyfXbW6RhdRAZEqofac5jCQQjwEPBu\">Bitcoin</a>" +
		"<a href=\"ethereum:0x89205A3A3b2A69De6Dbf7f01ED13B2108B2c43e7\">Ethereum</a>" +
		"<a href=\"rtsp://example.com/media.mp4\">RTSP</a>" +
		"</body></html>";

		Document result = htmlSanitizer.sanitize(html);

		assertEquals("<html><head></head><body>" +
		"<a href=\"tel:00442079460111\">Telephone</a>" +
		"<a href=\"sip:user@example.com\">SIP</a>" +
		"<a href=\"bitcoin:12A1MyfXbW6RhdRAZEqofac5jCQQjwEPBu\">Bitcoin</a>" +
		"<a href=\"ethereum:0x89205A3A3b2A69De6Dbf7f01ED13B2108B2c43e7\">Ethereum</a>" +
		"<a href=\"rtsp://example.com/media.mp4\">RTSP</a>" +
		"</body></html>", toCompactString(result));
		}
		}